
Author David.M.Noriega
Recipients David.M.Noriega
Date 2014-06-23.19:11:01
Message-id <1403550662.12.0.944818442815.issue21830@psf.upfronthosting.co.za>
Content
When trying to use the python3-ldap package on Windows 7, I found I could not get a TLS connection to work and traced it to its use of ssl.wrap_socket. Trying out the following simple socket test fails:

import socket
import ssl
sock = socket.socket()
sock.connect(("host.name", 636))
sock = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs=r"C:\path\to\cert\file")
Traceback (most recent call last):
  File "<pyshell#4>", line 1, in <module>
    sock = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs=r"F:\Downloads\csbc-cacert.pem")
  File "C:\Python34\lib\ssl.py", line 888, in wrap_socket
    ciphers=ciphers)
  File "C:\Python34\lib\ssl.py", line 511, in __init__
    self._context.load_verify_locations(ca_certs)
ssl.SSLError: unknown error (_ssl.c:2734)

This code works on Windows XP (and of course Linux), and I'm able to use getpeercert().

A workaround I was able to figure out was to use ssl.SSLContext in conjunction with the Windows central certificate store. By first loading my CA cert into the trusted root cert store, I could use SSLContext.load_default_certs() to create an SSL socket.
History
Date                 User             Action  Args
2014-06-23 19:11:02  David.M.Noriega  set     recipients: + David.M.Noriega
2014-06-23 19:11:02  David.M.Noriega  set     messageid: <1403550662.12.0.944818442815.issue21830@psf.upfronthosting.co.za>
2014-06-23 19:11:02  David.M.Noriega  link    issue21830 messages
2014-06-23 19:11:01  David.M.Noriega  create
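
The workaround described in the message, sketched as an added example that is not part of the original report or of python3-ldap: build an SSLContext that always requires certificate verification, try the CA file first, and use the operating system's trust store when the file cannot be loaded. The function names, the returned `source` label and the use of `ssl.PROTOCOL_TLS_CLIENT` (current Python 3 rather than the 3.4 shown in the traceback) are assumptions.

```python
import socket
import ssl


def build_context(ca_file=None):
    """Return (context, source) with certificate verification always required."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and check_hostname by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if ca_file is not None:
        try:
            ctx.load_verify_locations(cafile=ca_file)
            return ctx, "ca-file"
        except OSError as exc:  # ssl.SSLError and FileNotFoundError derive from OSError
            print("could not load %r (%s); using system trust store" % (ca_file, exc))
    # On Windows this reads the CA and ROOT system stores, so the private CA
    # must already be imported there, as the report describes.
    ctx.load_default_certs(ssl.Purpose.SERVER_AUTH)
    return ctx, "system-store"


def open_tls(host, port=636, ca_file=None, timeout=10.0):
    """Connect and handshake; an untrusted peer raises ssl.SSLCertVerificationError."""
    ctx, source = build_context(ca_file)
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    return tls, source


if __name__ == "__main__":
    ctx, source = build_context()
    # An empty store means every handshake will fail verification.
    print(source, ctx.cert_store_stats())
```

The returned `source` is worth logging: "system-store" means the connection trusts every root in the machine's store, not only the private CA.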